cjoint


Document format: text/plain

Preview

start
CloseProcesses:
CreateRestorePoint:
(Abengine) C:\Program Files (x86)\Fast-Search\acengine.exe
(The l4bs) C:\Users\Rahmounette\AppData\Local\Temp\WIZZ\ioprotect.exe
(Factory ranked updater) C:\Users\Rahmounette\AppData\Local\Temp\WIZZ\ioproduct.exe
(SS) C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe
(SS) C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NWEReboot] => [X]
HKLM-x32\...\Run: [rec_en_77] => [X]
HKLM-x32\...\RunOnce: [IOPROTECT] => C:\Users\Rahmounette\AppData\Local\Temp\WIZZ\ioproduct_service.bat [128 2015-10-17] () <===== ATTENTION
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll => Pas de fichier
Startup: C:\Users\Rahmounette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk [2012-08-25]
ShortcutTarget: tbhcn.lnk -> C:\Users\Rahmounette\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\acengine.dll [269832 2015-09-03] (Abengine)
Winsock: Catalog9 02 C:\Windows\SysWOW64\acengine.dll [269832 2015-09-03] (Abengine)
Winsock: Catalog9 03 C:\Windows\SysWOW64\acengine.dll [269832 2015-09-03] (Abengine)
Winsock: Catalog9 04 C:\Windows\SysWOW64\acengine.dll [269832 2015-09-03] (Abengine)
Winsock: Catalog9 15 C:\Windows\SysWOW64\acengine.dll [269832 2015-09-03] (Abengine)
Winsock: Catalog9-x64 01 C:\Windows\system32\acengine64.dll [318720 2015-09-03] (Abengine)
Winsock: Catalog9-x64 02 C:\Windows\system32\acengine64.dll [318720 2015-09-03] (Abengine)
Winsock: Catalog9-x64 03 C:\Windows\system32\acengine64.dll [318720 2015-09-03] (Abengine)
Winsock: Catalog9-x64 04 C:\Windows\system32\acengine64.dll [318720 2015-09-03] (Abengine)
Winsock: Catalog9-x64 15 C:\Windows\system32\acengine64.dll [318720 2015-09-03] (Abengine)
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1445068343&z=683a741e108108c4b6654d4g3z0z4wae8qdb8cfz1c&from=tugss&uid=st9500420as_5vj22t6t&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1445068343&z=683a741e108108c4b6654d4g3z0z4wae8qdb8cfz1c&from=tugss&uid=st9500420as_5vj22t6t&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1445068343&z=683a741e108108c4b6654d4g3z0z4wae8qdb8cfz1c&from=tugss&uid=st9500420as_5vj22t6t&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1445068343&z=683a741e108108c4b6654d4g3z0z4wae8qdb8cfz1c&from=tugss&uid=st9500420as_5vj22t6t&q={searchTerms}
HKU\S-1-5-21-2305815244-784425162-993307193-1001\Software\Microsoft\Internet Explorer\Main,Default_search_url = hxxp://www.istartsurf.com/web/?type=ds&ts=1445068343&z=683a741e108108c4b6654d4g3z0z4wae8qdb8cfz1c&from=tugss&uid=st9500420as_5vj22t6t&q={searchTerms}
HKU\S-1-5-21-2305815244-784425162-993307193-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1445068343&z=683a741e108108c4b6654d4g3z0z4wae8qdb8cfz1c&from=tugss&uid=st9500420as_5vj22t6t&q={searchTerms}
HKU\S-1-5-21-2305815244-784425162-993307193-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cassiopessa.com/?f=1&a=csp_tuto16_15_43&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDtDzz0A0CyB0C0DtBtByBtN0D0Tzu0StCtAzytBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0EtDtAyE0B0F0AtGyBtDyC0EtG0Azz0CzztGyByEyEzztGyByEzy0EtA0EzzyEyEtAtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzzyCyDtCtA0AyBtGtDyB0FyEtGyEzz0BtCtGzy0DyE0AtG0C0E0CyB0EyEyD0C0F0ByDtB2QtN0A0LzuyE&cr=133848097&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_tuto16_15_43&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDtDzz0A0CyB0C0DtBtByBtN0D0Tzu0StCtAzytBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0EtDtAyE0B0F0AtGyBtDyC0EtG0Azz0CzztGyByEyEzztGyByEzy0EtA0EzzyEyEtAtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzzyCyDtCtA0AyBtGtDyB0FyEtGyEzz0BtCtGzy0DyE0AtG0C0E0CyB0EyEyD0C0F0ByDtB2QtN0A0LzuyE&cr=133848097&ir=
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AB45D6FF-EC9A-4E39-A7A6-BA7A39BA769C} URL = hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2305815244-784425162-993307193-1001 -> DefaultScope {566B3DA9-3021-4AE3-82C6-CE21D3AEE2E3} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_tuto16_15_42&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDtDzz0A0CyB0C0DtBtByBtN0D0Tzu0StCtAzzyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyBtC0FyEyDyCzztBtGyC0BtB0EtGyD0D0AtDtGtCtCyD0AtG0Czy0CyCtB0DtDzzzz0C0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzzyCyDtCtA0AyBtGtDyB0FyEtGyEzz0BtCtGzy0DyE0AtG0C0E0CyB0EyEyD0C0F0ByDtB2QtN0A0LzuyE&cr=629382398&ir=
SearchScopes: HKU\S-1-5-21-2305815244-784425162-993307193-1001 -> {08412486-EA6E-4862-A541-37499E2D3BC5} URL =
SearchScopes: HKU\S-1-5-21-2305815244-784425162-993307193-1001 -> {4327FABE-3C22-4689-8DBF-D226CF777FE9} URL = hxxp://plusnetwork.com/?sp=brw&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2305815244-784425162-993307193-1001 -> {566B3DA9-3021-4AE3-82C6-CE21D3AEE2E3} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_tuto16_15_42&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDtDzz0A0CyB0C0DtBtByBtN0D0Tzu0StCtAzzyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyBtC0FyEyDyCzztBtGyC0BtB0EtGyD0D0AtDtGtCtCyD0AtG0Czy0CyCtB0DtDzzzz0C0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzzyCyDtCtA0AyBtGtDyB0FyEtGyEzz0BtCtGzy0DyE0AtG0C0E0CyB0EyEyD0C0F0ByDtB2QtN0A0LzuyE&cr=629382398&ir=
SearchScopes: HKU\S-1-5-21-2305815244-784425162-993307193-1001 -> {73D3DCB3-9C46-4525-8771-771C01DA490C} URL =
SearchScopes: HKU\S-1-5-21-2305815244-784425162-993307193-1001 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_tuto16_15_43&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyDtDzz0A0CyB0C0DtBtByBtN0D0Tzu0StCtAzytBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0EtDtAyE0B0F0AtGyBtDyC0EtG0Azz0CzztGyByEyEzztGyByEzy0EtA0EzzyEyEtAtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzzyCyDtCtA0AyBtGtDyB0FyEtGyEzz0BtCtGzy0DyE0AtG0C0E0CyB0EyEyD0C0F0ByDtB2QtN0A0LzuyE&cr=133848097&ir=
SearchScopes: HKU\S-1-5-21-2305815244-784425162-993307193-1001 -> {AB45D6FF-EC9A-4E39-A7A6-BA7A39BA769C} URL =
Toolbar: HKU\S-1-5-21-2305815244-784425162-993307193-1001 -> Pas de nom - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Pas de fichier
FF DefaultSearchEngine: Cassiopesa
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml [2015-10-17]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\Rahmounette\AppData\Roaming\Mozilla\Firefox\Profiles\mr4na46l.default\Extensions\{2aa2594a-b561-4302-991c-987e7b7defc2} [2015-03-27] [non signé]
FF Extension: Slick Savings - C:\Users\Rahmounette\AppData\Roaming\Mozilla\Firefox\Profiles\mr4na46l.default\Extensions\{926e8dd8-c24b-42b4-acd3-ebb6c9b595f7}.xpi [2015-05-16] [non signé]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => non trouvé(e)
CHR HKLM-x32\...\Chrome\Extension: [kolgnaidildmdbfgdnoapjdianbpajne] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx
R2 acengine; C:\Program Files (x86)\Fast-Search\acengine.exe [2327712 2015-09-03] (Abengine) [Fichier non signé]
2015-10-24 19:19 - 2015-11-01 20:19 - 00000288 _____ C:\Windows\Tasks\Tny_Cassiopesa.job
C:\Windows\Tasks\Tny_Cassiopesa.job
2015-10-18 10:46 - 2015-10-18 14:18 - 00010472 _____ C:\Windows\SysWOW64\acengineOff.ini
2015-10-18 10:46 - 2015-10-18 14:18 - 00010472 _____ C:\Windows\system32\acengineOff.ini
2015-10-18 10:45 - 2015-09-03 04:17 - 00318720 _____ (Abengine) C:\Windows\system32\acengine64.dll
2015-10-18 10:45 - 2015-09-03 04:17 - 00269832 _____ (Abengine) C:\Windows\SysWOW64\acengine.dll
2015-10-17 08:55 - 2015-10-17 16:24 - 00000000 ____D C:\ProgramData\Boxore
2015-10-17 08:55 - 2015-09-22 14:40 - 00303984 _____ (Boxore OU) C:\Windows\SysWOW64\BoxoreService.dll
2015-10-17 08:54 - 2015-10-17 16:24 - 00000000 ____D C:\Program Files (x86)\Boxore
2015-10-17 08:50 - 2015-11-01 17:47 - 00000000 ____D C:\Program Files (x86)\Fast-Search
C:\Users\Rahmounette\AppData\Local\Temp\WIZZ\ioproduct_service.bat
Settings Manager (HKU\S-1-5-21-2305815244-784425162-993307193-1001\...\Settings Manager) (Version: 21.4.0.1 - Spigot, Inc.) <==== ATTENTION
Task: {7159874C-21A4-463C-B3E7-73D76F93E469} - System32\Tasks\Tny_Cassiopesa => C:\Users\RAHMOU~1\AppData\Local\{A0189~1\UNINST~1.EXE
Task: {8754CECA-F531-4E3E-BC39-D7D4CFC74383} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {DF82A962-E6A9-45DF-A350-91D817B7075C} - System32\Tasks\gze3012 => C:\Program Files (x86)\Fast-Search\gze3012.exe [2015-10-07] ()
C:\Users\RAHMOU~1\AppData\Local\{A0189~1\UNINST~1.EXE
C:\Program Files (x86)\Fast-Search\gze3012.exe
Task: C:\Windows\Tasks\Tny_Cassiopesa.job => C:\Users\RAHMOU~1\AppData\Local\{A0189~1\UNINST~1.EXE
2012-07-24 14:28 - 2012-07-24 14:28 - 00698048 _____ () C:\Users\Rahmounette\AppData\Roaming\BrowserCompanion\tbhcn.exe
FirewallRules: [TCP Query User{6685715A-034D-4262-882E-8103B8FB01BF}C:\program files (x86)\fluendo\moovida\moovida.exe] => (Allow) C:\program files (x86)\fluendo\moovida\moovida.exe
FirewallRules: [UDP Query User{8205B0C5-8958-4C22-A1CC-3AADC764E7AF}C:\program files (x86)\fluendo\moovida\moovida.exe] => (Allow) C:\program files (x86)\fluendo\moovida\moovida.exe
C:\program files (x86)\fluendo\moovida\moovida.exe
cmd: netsh winsock reset

EmptyTemp:
end
